Risky Biz News: FBI seizes Dispossessor ransomware servers

2024/8/14
Risky Business News

The FBI seizes Dispossessor ransomware infrastructure. The US charges one of cybercrime's original gangsters. A hacker leaks upcoming Netflix shows. And the UK wants to set up a nationwide cyber deception network. This is Risky Business News, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 14th of August and this podcast episode is brought to you by Corelight.

In today's top story, American officials have seized server infrastructure linked to the Dispossessor data extortion group. The FBI seized nine domains and 24 servers linked to the gang's operations. The US Department of Justice also filed a criminal complaint against the alleged ringleader of the group, a hacker known as Brain, who is believed to be based in Europe.

Members of several other ransomware gangs formed the Dispossessor Group in August. It launched a leak site in February and a full-blown ransomware as a service platform in May.

In other news, the US government has charged a Belarusian and Ukrainian dual national for his role in two long-running cybercrime operations. Officials say Maxim Silnikov was a core member of the Angler Exploit Kit operation for nine years. He also founded and ran the Ransom Cartel ransomware service in 2021.

Officials in the UK say that Silnikov was involved in the deployment of the Reveton ransomware whilst part of the Angler gang back in 2011. Reveton was the world's first widely distributed ransomware strain. The UK's National Crime Authority says that at its peak, Angler accounted for 40% of all exploit kit infections and was earning $34 million a year.

Silnikov was arrested in a resort town in southern Spain in July last year and extradited to the US last week. The US has also charged two others for their role in the Angler malvertising operation, Vladimir Kadariya from Belarus and Andrei Tarasov from Russia.

The FBI is investigating attempted hacks of both the Trump and Biden-Harris campaigns earlier this year. The FBI says the investigation includes attempts to hack three Biden-Harris campaign staffers and former Trump adviser Roger Stone. The agency confirmed the investigation after the Trump campaign claimed it was hacked by Iran. The hackers leaked documents from the Trump campaign to Politico at the end of July. The same files were also shared with the New York Times and the Washington Post, which chose not to report on them until Politico broke the news.

The UK government is exploring the idea of deploying a nationwide cyber deception network. The network would involve deploying honey tokens inside private networks and honeypots in organisations that have mature security teams. The UK's cyber security wants to deploy a minimum of 2 million honey tokens and 200,000 honeypots across UK organisations.

The US National Institute of Standards and Technology announced three new encryption algorithms designed to protect against attacks by quantum computers. NIST has been working on the standards for the past eight years. The three were selected from 82 algorithms submitted from 25 countries.

Hackers have stolen and leaked more than 50,000 files from Poland's anti-doping agency, POLADA. The incident last week exposed the personal details and medical records of thousands of Polish athletes. The agency claims the hack was carried out by the services of an enemy state. A Polish minister told local media the government is currently looking at Russia or Belarus as potential sources of the leak.

A hacker has leaked upcoming shows from Netflix and Crunchyroll. Netflix blamed the leaks on one of its post-production companies. Sources claim the leak came from Iyuno, a Californian company specialising in subtitling and content distribution services. Iyuno disclosed a security breach last Friday, but did not take the blame for the Netflix show leaks. According to Bbomb, the leaks included episodes from the upcoming Season 2 of Emmy Award-winning series Arcane.

Forklift maker Crown disclosed a security breach last week after a threat actor gained access to one of its IT environments. The breach took place at the start of June and Crown says the attacker was able to gain access to some employee benefits and retirement data. Crown says it's since contained the intrusion. The company's data has not been listed on any ransomware leak sites.

Australian gold mining company Evolution Mining says it was the victim of a ransomware attack last week. The company says it handled the incident with no material impact on its operations. The incident comes two months after the BianLian ransomware group hit Northern Minerals, another Australian mining company. Evolution Mining is one of Australia's six biggest mining corporations.

Chemical manufacturing company Orion SA lost $60 million in a wire fraud incident last week. The company says a threat actor managed to trick one of its employees into sending wire transfers to the wrong accounts. In an SEC filing, Orion says there was no breach of its IT network, suggesting this was a classic wire fraud scheme and not a BEC scam.

Ukrainian company BrainStack has filed a legal takedown request against DDoSecrets hosting provider FlokiNet. The company has asked the web host to remove data hosted by DDoSecrets that belongs to a spyware company named mSpy.

The spyware maker was hacked and had its data leaked in July after a hacker stole its Zendesk support forum database. According to TechCrunch security reporter Zack Whittaker, this marks the first time that BrainStack has confirmed ownership of the mSpy brand.

And finally, a team of Dutch security researchers has discovered a series of vulnerabilities in Enphase solar panel systems. Researchers at the Dutch Institute for Vulnerability Disclosure claim they could have hijacked over 4 million internet-exposed Enphase solar panels in 150 countries.

The vulnerabilities include weak passwords and unauthenticated remote code execution exploit chains. The DIVD says Enphase has released fixes for the vulnerabilities. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Corelight. Find them at corelight.com. Thanks for your company.